Saturday , April 26 2025
Critical Infrastructure

A Plan to Protect Critical Infrastructure from 21st Century Threats

On April 30th, the White House released National Security Memorandum-22 (NSM) on Critical Infrastructure Security and Resilience to update national policy on protecting and securing critical infrastructure from cyber and all-hazard threats. The memorandum recognizes the changed risk landscape and aims to collaborate with partners to identify and reduce sector, cross-sector, and nationally significant risks. It will also create the 2025 National Infrastructure Risk Management Plan (National Plan) to guide federal efforts in the coming years.

As the National Coordinator for critical infrastructure security and resilience, the Cybersecurity and Infrastructure Security Agency (CISA) will create a forward-looking National Plan. It will use all available federal tools, resources, and authorities to manage and decrease risks at the national level, including risks that affect multiple critical infrastructure sectors. CISA will seek assistance from its partners and other Sector Risk Management Agencies (SRMAs) throughout the year while developing this important document.

NVIDIA Releases Security Update For GPU Driver Vulnerabilities

NVIDIA has released a software security update for its GPU Display Driver to fix multiple vulnerabilities affecting both the driver...
Read More
NVIDIA Releases Security Update For GPU Driver Vulnerabilities

‘SessionShark’ ToolKit Bypasses Microsoft Office 365 MFA

The SessionShark phishing kit bypasses Office 365 MFA by stealing session tokens. Experts warn about real-time attacks using fake login...
Read More
‘SessionShark’ ToolKit Bypasses Microsoft Office 365 MFA

159 CVEs Exploited in Q1 2025 : 28.3% Within 24 Hours of Disclosure

In Q1 2025, VulnCheck identified evidence of 159 CVEs publicly disclosed for the first time as exploited in the wild....
Read More
159 CVEs Exploited in Q1 2025 : 28.3% Within 24 Hours of Disclosure

NVIDIA NeMo Framework Vuln Allow Attackers RCE

The NVIDIA NeMo Framework has three vulnerabilities that could enable attackers to execute remote code, risking AI system compromise and...
Read More
NVIDIA NeMo Framework Vuln Allow Attackers RCE

Cisco Issued Urgent Security Advisories For Multiple Products

Cisco issued a security advisory about a remote code execution (RCE) vulnerability (CVE-2025-32433) affecting multiple products in its portfolio due...
Read More
Cisco Issued Urgent Security Advisories For Multiple Products

SonicWall patched SSLVPN Vuln Allowing Firewall Crashing

SonicWall has revealed a vulnerability in its SonicOS SSLVPN Virtual Office interface that could let remote attackers crash firewall appliances....
Read More
SonicWall patched SSLVPN Vuln Allowing Firewall Crashing

GitLab Releases Security Update For Multiple Vulns

GitLab has announced a security advisory urging users to upgrade their self-managed installations right away. Versions 17.11.1, 17.10.5, and 17.9.7...
Read More
GitLab Releases Security Update For Multiple Vulns

ISPAB president “whatsapp” got hacked via phishing link

Imdadul Haque, the president of Internet Service Provider of Bangladesh (ISPAB) said, I automatically got back my WhatsApp account. What...
Read More
ISPAB president “whatsapp” got hacked via phishing link

Zyxel released patches 2 vulns in its USG FLEX H series firewalls

Zyxel Networks has issued critical security patches for two high-severity vulnerabilities in its USG FLEX H series firewalls. These flaws...
Read More
Zyxel released patches 2 vulns in its USG FLEX H series firewalls

South Korea’s largest SK Telecom Hit by Malware: SIM-related info leaked

South Korea's largest mobile operator, SK Telecom, is warning that a malware infection allowed threat actors to access sensitive USIM-related...
Read More
South Korea’s largest SK Telecom Hit by Malware: SIM-related info leaked

The National Plan Must Account for the Evolution of Threats, Vulnerabilities, and Consequences

The 2025 National Plan will outline how the U.S. government will work together with partners to identify and handle national risks. This plan is a continuation of the 2013 National Plan, which emphasized the importance of risk management in enhancing the security of critical infrastructure. However, there is a need for evolution in light of the increasing vulnerabilities and threats that could have widespread consequences. Fortunately, in the past decade, Congress and successive administrations have established new agencies, authorities, and partnerships that enable a comprehensive approach to national risk management. The primary responsibility for implementing this approach through the National Plan falls on CISA, as the National Coordinator.

The National Plan will be Informed by a New Risk Management Cycle

The NSM-22 introduces a new risk management cycle for SRMAs. They will identify, assess, and prioritize risks in their sectors and create risk management plans. CISA will use these plans to identify and prioritize risks at a systemic, cross-sector, and national level. This will help them focus on reducing risk in collaboration with federal, state, local, private, and international partners. The National Plan will acknowledge that it is not possible to protect all critical infrastructure from every threat. Instead, it will outline efforts to make critical infrastructure resilient against the highest-priority risks identified in sector and cross-sector assessments. CISA and other federal partners will also work closely with SRMAs to manage risks specific to their sectors.

We Need You for Us to be Successful:

The U.S. government is developing a new approach to manage risks in critical infrastructure due to technological advancements and global volatility. This includes systems such as energy grids, water systems, transportation networks, healthcare facilities, and communication systems, essential for public safety, economic stability, and national security. With increased interconnectivity, reliance on global technologies and supply chains, and geopolitical tensions, these systems are vulnerable to various threats. Managing these risks will need a national effort involving federal agencies, state, local, tribal, territorial governments, infrastructure owners and operators, and other stakeholders.

We are responsible for keeping the U.S. critical infrastructure secure and resilient. We need to be prepared for new risks and an uncertain future while also keeping an eye out for long-standing threats like terrorism, natural disasters, and targeted violence. Building strong partnerships between the federal government, private-sector, and SLTT partners is crucial for protecting the nation’s critical infrastructure.

In order for the 2025 National Plan to achieve success, it is essential that our partners actively collaborate with us to shape its development and eventual execution. We kindly request your support in working closely with your respective SRMAs throughout the process of creating your sector risk assessments and sector risk management plans. These crucial contributions will serve as the bedrock for the National Plan.

We also invite you to reach out to us at [email protected] to share any innovative ideas or suggestions you may have. Your inputs will truly be invaluable as we strive to formulate a comprehensive plan that enables the U.S. government to effectively prioritize our risk mitigation endeavors and enhance the resilience of the critical infrastructure that lies at the heart of American society. Together, we can create a safer and more secure future for all.

Check Also

Australian Cyber Security Centre Alert for Fortinet Products

The Australian Cyber Security Centre (ACSC) has alerted technical users in both private and public …

Leave a Reply

Your email address will not be published. Required fields are marked *